r4314: added ACL checking on unlink
authorAndrew Tridgell <tridge@samba.org>
Tue, 21 Dec 2004 11:44:32 +0000 (11:44 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:07:33 +0000 (13:07 -0500)
(This used to be commit f25c469693517ed993e0379d8b07cd7eb235a669)

source4/ntvfs/posix/pvfs_acl.c
source4/ntvfs/posix/pvfs_open.c
source4/ntvfs/posix/pvfs_rename.c
source4/ntvfs/posix/pvfs_setfileinfo.c
source4/ntvfs/posix/pvfs_unlink.c

index 95a4e5765c02a02632a3e81f8f2eae2bc4192086..5302cc95244444d3ed396e840dec6daaefbbcbdc 100644 (file)
@@ -390,3 +390,16 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
        
        return status;
 }
+
+
+/*
+  a simplified interface to access check, designed for calls that
+  do not take or return an access check mask
+*/
+NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, 
+                                 struct smbsrv_request *req,
+                                 struct pvfs_filename *name,
+                                 uint32_t access_needed)
+{
+       return pvfs_access_check(pvfs, req, name, &access_needed);
+}
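Review bot: The comment on `pvfs_access_check_simple` does not say that `access_needed` is taken by value, so anything `pvfs_access_check` writes back through `&access_needed` is dropped when the wrapper returns. That looks intended for callers that only need a pass/fail answer, but it should be stated, for example `/* access_needed is the required mask; any mask written back by pvfs_access_check is discarded */`. It would also help to document which status is returned on denial, since callers such as `pvfs_can_delete` propagate it unchanged.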
index 7cb8a5d90c629cec28cf4fe22f81984cbfa17b66..34052fc44aefe2a5a49f496a63944fd48aa6b818 100644 (file)
@@ -1211,7 +1211,9 @@ NTSTATUS pvfs_change_create_options(struct pvfs_state *pvfs,
   determine if a file can be deleted, or if it is prevented by an
   already open file
 */
-NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
+NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, 
+                        struct smbsrv_request *req,
+                        struct pvfs_filename *name)
 {
        NTSTATUS status;
        DATA_BLOB key;
@@ -1228,6 +1230,10 @@ NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
                              NTCREATEX_OPTIONS_DELETE_ON_CLOSE, 
                              SEC_STD_DELETE);
 
+       if (NT_STATUS_IS_OK(status)) {
+               status = pvfs_access_check_simple(pvfs, req, name, SEC_STD_DELETE);
+       }
+
        return status;
 }
 
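Review bot: The new ACL check in `pvfs_can_delete` runs only when the preceding open-file check has already succeeded, so a caller without SEC_STD_DELETE on the file can still tell an open file (sharing violation) from one that is not open (access denied). Calling `pvfs_access_check_simple(pvfs, req, name, SEC_STD_DELETE)` first and returning on failure would remove that difference. The check also consults only the file's own descriptor; NT semantics additionally allow deletion when the parent directory grants delete-child, so this may refuse deletes a Windows server would permit. If that is deferred, a comment such as `/* TODO: also honour SEC_DIR_DELETE_CHILD on the parent directory */` would record it. The start of the function lies outside this hunk.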
index cba9cace5950bcb0ab849bba1f86830162384310..0ca05bbc170e4cb5ccd1fb332197b6e0d466c024 100644 (file)
@@ -162,7 +162,7 @@ static NTSTATUS pvfs_rename_one(struct pvfs_state *pvfs,
        status = pvfs_resolve_partial(pvfs, mem_ctx, 
                                      dir_path, fname2, &name2);
        if (NT_STATUS_IS_OK(status)) {
-               status = pvfs_can_delete(pvfs, name2);
+               status = pvfs_can_delete(pvfs, req, name2);
                if (!NT_STATUS_IS_OK(status)) {
                        talloc_free(mem_ctx);
                        return status;
index 2a06def2b47198716168bdd433c73dc47c99c132..295d2e919e099f624820379b73b75496b6cd0b27 100644 (file)
@@ -91,7 +91,7 @@ static NTSTATUS pvfs_setfileinfo_rename(struct pvfs_state *pvfs,
                        return NT_STATUS_OBJECT_NAME_COLLISION;
                }
 
-               status = pvfs_can_delete(pvfs, name2);
+               status = pvfs_can_delete(pvfs, req, name2);
                if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
                        return NT_STATUS_ACCESS_DENIED;
                }
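Review bot: With the ACL check added, `pvfs_can_delete` can now fail here with statuses other than NT_STATUS_SHARING_VIOLATION, and the visible lines handle only that one case. The code after the hunk is not shown; it needs a general check such as `if (!NT_STATUS_IS_OK(status)) { return status; }` so that an ACL denial on the rename target stops the overwrite. If that check is absent, the new access check has no effect on this path.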
index f29a70600fc324247544798b56d20fcef6dc008b..09732d7735b9009a47076fb1adbd469964afcbf0 100644 (file)
@@ -27,7 +27,9 @@
 /*
   unlink a stream
  */
-static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename *name, 
+static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, 
+                                  struct smbsrv_request *req,
+                                  struct pvfs_filename *name, 
                                   uint16_t attrib)
 {
        NTSTATUS status;
@@ -42,7 +44,7 @@ static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename
                return status;
        }
 
-       status = pvfs_can_delete(pvfs, name);
+       status = pvfs_can_delete(pvfs, req, name);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -54,7 +56,8 @@ static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename
 /*
   unlink one file
 */
-static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
+static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, 
+                               struct smbsrv_request *req,
                                const char *unix_path, 
                                const char *fname, uint32_t attrib)
 {
@@ -62,7 +65,7 @@ static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
        NTSTATUS status;
 
        /* get a pvfs_filename object */
-       status = pvfs_resolve_partial(pvfs, mem_ctx
+       status = pvfs_resolve_partial(pvfs, req
                                      unix_path, fname, &name);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
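Review bot: `pvfs_unlink_one` now passes `req` to `pvfs_resolve_partial` in the slot that used to take the `mem_ctx` talloc context, so `name` presumably becomes a child of the request. The next hunk shows `talloc_free(name)` on the `pvfs_can_delete` failure path, but the success path is outside the diff and should free `name` as well. Otherwise a wildcard unlink would keep one `pvfs_filename` per matched file alive until the request is torn down. A short comment such as `/* name is allocated on req; freed before every return */` would make the ownership explicit.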
@@ -75,7 +78,7 @@ static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
                return status;
        }
 
-       status = pvfs_can_delete(pvfs, name);
+       status = pvfs_can_delete(pvfs, req, name);
        if (!NT_STATUS_IS_OK(status)) {
                talloc_free(name);
                return status;
@@ -133,7 +136,7 @@ NTSTATUS pvfs_unlink(struct ntvfs_module_context *ntvfs,
        }
 
        if (name->stream_name) {
-               return pvfs_unlink_stream(pvfs, name, unl->in.attrib);
+               return pvfs_unlink_stream(pvfs, req, name, unl->in.attrib);
        }
 
        /* get list of matching files */